Professional Documents
Culture Documents
Detailed Module
Module Structure This training module introduces you to Ethical Hacking and Information Security. It presents today's most critical cyber security vulnerabilities and solutions for fixing such vulnerabilities.
www.kyrion.in
Program and Functional Managers/Application Owners Technology Providers Supporting Functions Users
Common Threats: A Brief Overview Errors and Omissions Fraud and Theft Employee Sabotage Loss of Physical and Infrastructure Support Malicious Hackers Industrial Espionage Malicious Code Foreign Government Espionage Threats to Personal Privacy Virtualization Introduction to Virtual Machines and Virtualization Concept of Virtualization Need and Advantages of Virtualization Installation and Configuration Requirements o Hardware Requirements o Software Requirements Installation and Configuration Performance Optimization o Performance in a Virtualized Environment o CPU & Memory Performance o Guidelines for Resources and Access Control o Network Performance Optimization Host Only to Host Only Networking Host Only to LAN Networking o Storage Performance o Virtual Machine Performance o Application Performance Kyrion Digital Securities (P) Ltd.
Security Implementation Security Implementation o Fixing via Patches o Optional IDS/IPS Installation o Logging and Error Checking Troubleshooting Network Troubleshooting Memory Troubleshooting Storage Troubleshooting Data Security and Backup o Backup of Data o Backup of Virtual Machine Removing and Uninstalling of Virtual Machine Basics of Operating System Getting inside of OS Types of OS Boot Process Kernel and Library File System Kernel Library Drivers Software Application Registry Database Basics of Linux Drive References File Names Kernel o Kernel Threading o Multithreaded Application Support o Installation www.kyrion.in
o Configuration o Compilation Compiling Programs in Linux Introduction to GCC Compiler Linux Vulnerabilities Concept of Open Source Code
Internet Connection Sharing Setting up ICS Restricting and Limiting Network Users
Basics of Mac OS History of Mac OS File system Hierarchy o Local File System o Device Driver Partitions o General Installation in VMWare Basics of Networking Introduction to Computer Networks Introduction of Network and Networking Network Devices Networking Ports and Protocols o Well Known TCP and UDP Ports Various Networking Aspects Routing Technology o Networking Topology o Transmission Modes IP Addressing and Subnetting Machine Identification: MAC Addresses OSI Reference Model: Open System Interconnection/Interface Introduction to OSI Model Layers of OSI Model o Responsibility of each layer o Protocols used for each layer o Hardware devices for each layer Reasons for Failure of OSI Model TCP/IP Model vs OSI Model
www.kyrion.in
Various Roles of Google as a Friend of Hacker Google Advance Search Operators Hacking Tool o Anonymity with Google o Using Google as a Proxy Server Directory Traversal Tool Vulnerable Website Locator Locating via Company Tags Locating via Web Applications Locating via Common Names Google Hacking Database Tools for Google Hacking Gooscan Goolink Scanner URL Harvester Email Forgery Introduction to E-mail Email Server What is an Email Server? o Introduction o Types o Working How to Setup an Email Server? Email Forgery Introduction to Email Forgery Ways of Email Forgery PHP Fake Mail Scripts Fake mail sending websites Email Spamming and Email Bombing Social Engineering Get in Touch Definition of Social Engineering Impact of Social Engineering Kyrion Digital Securities (P) Ltd.
o Financial Loss o Identity Loss o Mental Harassment Types of Social Engineers o Hacktivists o Industrial Espionage Agents o Economic Espionage Agents o Identity Thieves o Competitive Marketers o Criminals o Scammers o Terrorists o Frustrated Employees o Finicky Spouse Need, Goals and Prime Targets of Social Engineering
Social Engineering Shootout Attack Cycle Communication Skills Phone Calls Social Engineering Attack with Tech Spices: Malware Spywares Keyloggers The In-Person Attack Dumpster Diving Taking help of Google
DNS Zone Enumeration Web Application Automated Scanning Web Application Scanning: What & Why What is Web Application Scanning Why to do Web Application Scanning Types of Web Application Scanning o Automated v/s Manual Approach Automated Web Application Scanning Need of Automated Web Application Scanning Advantages of Automated Web Application Scanning Tools for Automated Web Application Scanning Tools for Automated Web Application Scanning Free vs Commercial Tools Result & Analysis Test Procedure Static Analysis
What to be Enumerated Network Shares and Resources Users and Groups Application and Banners IP and Port Scanning Pre-Scanning Phase Ping Sweep TCP Flags Scanning Techniques TCP Scanning SYN Scanning UDP Scanning ACK Scanning Windows Scanning FIN Scanning Other Scan Types
o o o o o o X-Mas Scan Null Scan Protocol Scan Idle Scan Cat Scan ICMP Scan
Do Not Scan These IP Addresses (Unless you want to get into trouble) OS Fingerprinting Active Fingerprinting Passive Fingerprinting: Banner Grabbing Wifi Scanning Hot spotting War Walking War Driving War Flying Hidden SSID Discovery Kyrion Digital Securities (P) Ltd.
Password Cracking: Mac OS Vulnerabilities in Mac OS Crafted URL CoreText Pointer Image IO Integer Overflow Image IO Memory Corruption UFS File System Overflow User Privilege Escalation Cracking Mac OS Malformed Installer Package Crack Worms and Viruses in Mac OS o Working o Removal Password Cracking o Single User Mode o Bootable Disc Attack Security Tools Password Cracking: Applications Various Attacks Brute Force Attack Brute Force with Mask Attack Dictionary Based Password Attack Password Cracking: E-mail/Online Accounts Keystroke Loggers Overview of Keystroke Logger Users Credentials Theft o On Spot Checking o Getting Logs on Mail o Remote Installation Shakehand: Antivirus and Keylogger
Phishing Hidden Frames URL Obfuscation HTML Image Mapping Password Cracking: Wifi Network Introduction to Wireless LAN Security Wireless LAN Technology General security threats Overview of Wireless LAN Security De-authentication Phase MAC Address Spoofing Getting Access of Wireless LAN WEP Key Cracking WPA De-authentication Attacks Hacking Hotspot: Rogue Access Point Setting up Rogue Access Point ESSID Selection Setting Channel Bridging Enabling IP Forwarding Manual Checking Ways to (mis)use Rogue Access Point
Data Leakage Network Scans Enterprise Data Access Free Internet Access DoS Attack
Why security is necessary in network? MetaSploit Framework Introduction to MSF: MetaSploit framework Working of MSF Exploitation with MSF o Using WebGUI o Using Console Web Application Attacks Injection Based Attacks SQL Injection Types of SQL Injection o Form Based o URL Based-Blind SQL Injection HTML Injection (Cross Site Scripting) XSS Types of XSS Attacks o Stored XSS or Persistent XSS o Reflected XSS or Non-Persistent XSS o DOM Based XSS Code Injection o Remote Code Execution Introduction to other Miscellaneous Web Based Attacks Application Username Enumeration Web Based Brute Forcing Anonymous Web Application Crawling Insecure Cryptographic Storage Broken Authentication and Session Management Basics of Cookies Stealing/Session Hijacking o What is Cookies Stealing/Session Hijacking o Session Hijacking: Threats o Attack the Victim HTTP Referrer Attack MITM Attack Man-in-the-Browser Attack Client Side Virus Attack
Threats to Network Confidentiality o Network Reconnaissance o Network Sniffing o Man in Middle Attack o Session Hijacking Integrity o Pharming o DNS Spoofing o ARP Poisoning Availability o MAC Flooding Operations in Network Security Network Mapping o Ping Sweep o Network Enumeration Buffer Overflow Exploitation Introduction to Computer Memory Architecture Concept of Buffer, Heap and Stack Introduction to Memory Exploitation/Buffer Overflow Categories of Error Conditions o Heap Based Overflow o Stack Based Overflow o Integer Based Overflow NOPS (No-Operation instructions) Introduction to Attack Hierarchy Logics of Payloads, Exploits Information Gathering and Identification Client Side Services Identification Setting up Arrow and Bow Exploitation Kyrion Digital Securities (P) Ltd.
www.kyrion.in
XSS Attack
www.kyrion.in
Data Recovering Technique Hardware Repair Logical Damage o Corrupt Partitions o Corrupt File System o Media Errors o Overwritten Damage Data Acquisition OS Volume Information Disk Imaging User Account Security: Windows Account Security Strengthening Strong Password Policy Additional Security: Syskey Encryption User Account Control : Parental Controls Restricting BIOS Setup Physical Security User Account Security: Linux Minimizing the Security Risks during Installation Secure Installation Minimal Application Selection Secure Partitioning Securing GRUB User Account Security Strengthening Strong Password Policy No GUI Login Policy for Root GRUB Menu Protection Restricting BIOS Setup Physical Security Wifi Security Securing the Perimeter Kyrion Digital Securities (P) Ltd.
Changing the Default Settings Cloaking the SSID MAC Filtering Static IP Configuration MAC IP Binding Increasing Security Encryption
Stop Human Hacking Social Engineering Attack Identification Personal Security Awareness Psychological Training Strict Policies for Voicemail Use Fax Use Phone Use Email Use Password Use Computer Use Securing Cyber Social Life Awareness is the Primary Key Email Security o Email Header Analysis o Tracing the Email path o Locating the Original Sender of the Email o Tracing Tool Email Filters o Spam Filtering o Blacklisting Servers and Emails Online Account Security Protocols Technical Controls: For Administrators Phishing Identification Methodology Patching Phishing Vulnerability Facebook Account Security
www.kyrion.in
Securing Applications Common Buffer Overflow Attack Avoid Buffer Overflow Attack Choice of Programming Language Code Pointer Integrity Checking StackGuard: Compiler-generated Checking Canary Values Use of Safe Libraries Pointer Protection Heap Implementation Hardening
Steganography ADS: Alternate Data Streams Securing Web Application Web Application Security Concept of Web Server and Database Server Introduction to Risk Assessment and Threat Modeling Authentication and Authorization Mechanism Session Management Cryptography Confidentiality, Integrity and Availability Configuration Management and Sensitive Data Parameter Manipulation and Exception Management Auditing and Logging System Recovery and Troubleshooting Detection and Removal of Malware Anti Malware Tools Manual Removal of Malwares o Through Process Viewer o Through Live CD Identifying General Error Codes System Repair Startup Repair Grub Management Cron Management Backup and Recovery OS Image Recovery o Backup Management o Restoring Backups o Restoring Restoration Points System Image Recovery Disc o Burning Disc o Box Recovery Third Party Software Recovery
Activation
Record
Integrity
Data Management: ADS, Cryptography and Steganography Cryptography Symmetric Key Cryptography o One time pad and stream ciphers o Block ciphers Message Integrity o Hashing Public Key Cryptography Digital Signatures Digital Certificate Cryptographic Algorithm o RSA o DES/ Triple DES o Kerberos User Client-based Logon Client Authentication Client Service Authorization Client Service Request Applied Cryptography o Network Encryption SSL/TLS IPsec o Disk Encryption Kyrion Digital Securities (P) Ltd.
www.kyrion.in
Secure System Configuration Components in Network/Computer Security Firewall o Types of Firewall Intrusion Detection System (IDS) Intrusion Prevention System (IPS) Proxy Servers Demilitarized Zone o Honey Pots
Indian Cyber Law Introduction to IT Act 2000 Amendment 2008 Under Umbrella of IT Act 2000 o Cyber Crimes o Electronic and Digital Signatures o Intellectual Property o Data Protection and Property Limitations of IT Act 2000